a24d22b225
Currently <crypto/sha.h> contains declarations for both SHA-1 and SHA-2, and <crypto/sha3.h> contains declarations for SHA-3. This organization is inconsistent, but more importantly SHA-1 is no longer considered to be cryptographically secure. So to the extent possible, SHA-1 shouldn't be grouped together with any of the other SHA versions, and usage of it should be phased out. Therefore, split <crypto/sha.h> into two headers <crypto/sha1.h> and <crypto/sha2.h>, and make everyone explicitly specify whether they want the declarations for SHA-1, SHA-2, or both. This avoids making the SHA-1 declarations visible to files that don't want anything to do with SHA-1. It also prepares for potentially moving sha1.h into a new insecure/ or dangerous/ directory. Signed-off-by: Eric Biggers <ebiggers@google.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
114 lines
2.6 KiB
C
114 lines
2.6 KiB
C
/* SPDX-License-Identifier: GPL-2.0-only */
|
|
/*
|
|
* sha256_base.h - core logic for SHA-256 implementations
|
|
*
|
|
* Copyright (C) 2015 Linaro Ltd <ard.biesheuvel@linaro.org>
|
|
*/
|
|
|
|
#ifndef _CRYPTO_SHA256_BASE_H
|
|
#define _CRYPTO_SHA256_BASE_H
|
|
|
|
#include <crypto/internal/hash.h>
|
|
#include <crypto/sha2.h>
|
|
#include <linux/crypto.h>
|
|
#include <linux/module.h>
|
|
#include <linux/string.h>
|
|
|
|
#include <asm/unaligned.h>
|
|
|
|
typedef void (sha256_block_fn)(struct sha256_state *sst, u8 const *src,
|
|
int blocks);
|
|
|
|
static inline int sha224_base_init(struct shash_desc *desc)
|
|
{
|
|
struct sha256_state *sctx = shash_desc_ctx(desc);
|
|
|
|
sha224_init(sctx);
|
|
return 0;
|
|
}
|
|
|
|
static inline int sha256_base_init(struct shash_desc *desc)
|
|
{
|
|
struct sha256_state *sctx = shash_desc_ctx(desc);
|
|
|
|
sha256_init(sctx);
|
|
return 0;
|
|
}
|
|
|
|
static inline int sha256_base_do_update(struct shash_desc *desc,
|
|
const u8 *data,
|
|
unsigned int len,
|
|
sha256_block_fn *block_fn)
|
|
{
|
|
struct sha256_state *sctx = shash_desc_ctx(desc);
|
|
unsigned int partial = sctx->count % SHA256_BLOCK_SIZE;
|
|
|
|
sctx->count += len;
|
|
|
|
if (unlikely((partial + len) >= SHA256_BLOCK_SIZE)) {
|
|
int blocks;
|
|
|
|
if (partial) {
|
|
int p = SHA256_BLOCK_SIZE - partial;
|
|
|
|
memcpy(sctx->buf + partial, data, p);
|
|
data += p;
|
|
len -= p;
|
|
|
|
block_fn(sctx, sctx->buf, 1);
|
|
}
|
|
|
|
blocks = len / SHA256_BLOCK_SIZE;
|
|
len %= SHA256_BLOCK_SIZE;
|
|
|
|
if (blocks) {
|
|
block_fn(sctx, data, blocks);
|
|
data += blocks * SHA256_BLOCK_SIZE;
|
|
}
|
|
partial = 0;
|
|
}
|
|
if (len)
|
|
memcpy(sctx->buf + partial, data, len);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static inline int sha256_base_do_finalize(struct shash_desc *desc,
|
|
sha256_block_fn *block_fn)
|
|
{
|
|
const int bit_offset = SHA256_BLOCK_SIZE - sizeof(__be64);
|
|
struct sha256_state *sctx = shash_desc_ctx(desc);
|
|
__be64 *bits = (__be64 *)(sctx->buf + bit_offset);
|
|
unsigned int partial = sctx->count % SHA256_BLOCK_SIZE;
|
|
|
|
sctx->buf[partial++] = 0x80;
|
|
if (partial > bit_offset) {
|
|
memset(sctx->buf + partial, 0x0, SHA256_BLOCK_SIZE - partial);
|
|
partial = 0;
|
|
|
|
block_fn(sctx, sctx->buf, 1);
|
|
}
|
|
|
|
memset(sctx->buf + partial, 0x0, bit_offset - partial);
|
|
*bits = cpu_to_be64(sctx->count << 3);
|
|
block_fn(sctx, sctx->buf, 1);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static inline int sha256_base_finish(struct shash_desc *desc, u8 *out)
|
|
{
|
|
unsigned int digest_size = crypto_shash_digestsize(desc->tfm);
|
|
struct sha256_state *sctx = shash_desc_ctx(desc);
|
|
__be32 *digest = (__be32 *)out;
|
|
int i;
|
|
|
|
for (i = 0; digest_size > 0; i++, digest_size -= sizeof(__be32))
|
|
put_unaligned_be32(sctx->state[i], digest++);
|
|
|
|
memzero_explicit(sctx, sizeof(*sctx));
|
|
return 0;
|
|
}
|
|
|
|
#endif /* _CRYPTO_SHA256_BASE_H */
|